
UseActiveDirectoryGroups - System Parameter

Understanding UseActiveDirectoryGroups

The UseActiveDirectoryGroups system parameter is a global configuration setting that controls whether Nodinite can associate Roles with Windows Active Directory groups for role-based access control. This feature bridges your organization's existing Active Directory infrastructure with Nodinite's security model, enabling centralized user management and eliminating the need to maintain duplicate role assignments.

Why This Matters:

When enabled (default: true), this parameter allows administrators to:

  • Leverage existing AD infrastructure – Map Nodinite roles to Active Directory groups, eliminating duplicate user management across systems
  • Enhance security – Centralize access control through your organization's established Active Directory governance policies
  • Simplify user provisioning – Automatically grant or revoke Nodinite access when users join or leave AD groups
  • Improve scalability – Manage permissions for hundreds or thousands of users through group membership instead of individual role assignments

How It Works:

When UseActiveDirectoryGroups is enabled, Nodinite extends its role-based access control system to recognize Windows Active Directory security groups as valid role members. This integration follows a straightforward workflow:

AD Group (Sales-Team) → Nodinite Role (Sales User) → User in AD Group (john.smith) → Automatic Access (Sales User permissions)

Diagram: Active Directory group integration workflow showing how AD group membership automatically grants Nodinite role permissions.

Configuration Details

| System Parameter Name | Data Type | Values/Example | Default Value | Description |
|---|---|---|---|---|
| UseActiveDirectoryGroups | Boolean | true / false | true (Enabled) | Enables or disables Active Directory group integration for role-based access control |

Parameter Behavior:

  • true (Enabled): Nodinite roles can be associated with Windows Active Directory security groups. Users inherit role permissions through AD group membership.
  • false (Disabled): Active Directory group integration is disabled. Roles can only be assigned to individual users or local groups within Nodinite.

Use Cases:

  • Enterprise environments – Organizations with established Active Directory infrastructures that want to centralize user access management
  • Compliance requirements – Environments requiring centralized access control and audit trails through AD governance
  • Dynamic teams – Departments with frequent personnel changes that benefit from automatic provisioning/deprovisioning through group membership

Frequently Asked Questions

How do I change the value?

Changing a value for the pre-defined System Parameters is described in the 'How do I change the System Parameters' article.

What happens if I disable this parameter?

When UseActiveDirectoryGroups is set to false, existing role assignments to Active Directory groups remain in the Configuration Database but are no longer evaluated for access control. Users will lose permissions inherited through AD group membership until the parameter is re-enabled or roles are assigned directly.

Can I use both AD groups and individual user assignments?

Yes. Nodinite supports hybrid role assignment models. You can assign roles to both Active Directory groups and individual users simultaneously. A user's effective permissions are the union of all role assignments (direct and group-based).
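
The rules from the two answers above (group-based assignments stay stored but are not evaluated when the parameter is false; effective permissions are the union of direct and group-based assignments) can be modelled to review the impact of disabling the parameter. This is an added example, not Nodinite code: the data structures, function names and all role, group and user names are constructed for illustration.

```python
# Added example: a model of the evaluation rules described in the FAQ,
# not Nodinite's implementation. All names and data are constructed.
from dataclasses import dataclass, field


@dataclass
class RoleAssignments:
    direct: dict = field(default_factory=dict)     # role -> user accounts
    ad_groups: dict = field(default_factory=dict)  # role -> AD security groups


def effective_roles(user, assignments, ad_membership, use_ad_groups=True):
    """Union of direct and group-based roles for one user.

    Direct assignments always count. Group-based assignments count only
    while UseActiveDirectoryGroups is true; when it is false they remain
    stored but are skipped.
    """
    roles = {r for r, users in assignments.direct.items() if user in users}
    if use_ad_groups:
        user_groups = ad_membership.get(user, set())
        roles |= {r for r, groups in assignments.ad_groups.items()
                  if user_groups & set(groups)}
    return roles


def disable_impact(assignments, ad_membership):
    """Map each user to the roles lost if the parameter were set to false."""
    users = set(ad_membership)
    for members in assignments.direct.values():
        users |= set(members)
    impact = {}
    for user in sorted(users):
        lost = (effective_roles(user, assignments, ad_membership, True)
                - effective_roles(user, assignments, ad_membership, False))
        if lost:
            impact[user] = lost
    return impact


# Constructed sample data: bob.temp holds "Sales User" both directly and
# through Sales-Team, so disabling the parameter does not affect him.
ASSIGNMENTS = RoleAssignments(
    direct={"Administrators": {"alice.admin"}, "Sales User": {"bob.temp"}},
    ad_groups={"Sales User": {"Sales-Team"}, "Auditors": {"Compliance"}},
)
AD_MEMBERSHIP = {"john.smith": {"Sales-Team"}, "alice.admin": {"Compliance"},
                 "bob.temp": {"Sales-Team"}}

if __name__ == "__main__":
    for user, lost in disable_impact(ASSIGNMENTS, AD_MEMBERSHIP).items():
        print(f"{user}: would lose {sorted(lost)}")
```

Running the same comparison against an export of real role assignments and group memberships before changing the parameter shows which accounts rely solely on AD group membership for a role.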

Does this parameter require Active Directory to be available?

Yes, when enabled. Nodinite validates Active Directory group membership at runtime. If the domain controller is unreachable, users may experience authentication delays or be denied access until AD connectivity is restored.

Find more solutions to common problems in the Troubleshooting user guide.

